Home Research Publications CV Talks Personal FAQ Bio
Research Overview
My research lies at the intersection of human-computer interaction, privacy and security, and systems, focusing primarily on three questions:
  • How can we use rich sensor data to improve our lives?
  • How can we make privacy and security easier for everyone?
  • How can we shift the burden of privacy and security to other parts of the ecosystem?

My research group is CHIMPS (Computer Human Interaction: Mobility Privacy Security). We have been generously funded by DARPA, National Science Foundation, IBM, Army Research Office, Microsoft, Nokia, Intel, Google, Portugal Telecom, Pitney Bowes, CMU Cylab, NQ Mobile, Samsung, Yahoo, the Alfred P. Sloan Foundation, and more. Our work has been featured in CNN, New York Times, BBC, CBS News, MIT Tech Review, World Economic Forum, and more.

Our team's work has had a lot of positive impact on science and on practice. Our work on anti-phishing was adopted by industry groups, inspired the design of anti-phishing browser warnings, and was commercialized through Wombat Security, which has helped train millions of people about cybersecurity. Our team's work on PrivacyGrade.org has influenced industry and policy makers with respect to smartphone privacy.

I help run the Pervasive Computing subreddit. I sometimes write for BLOG@CACM. I was also a co-founder of Wombat Security Technologies, which was acquired by Proofpoint in March 2018.

What's New?
Jul 1, 2018
I am now officially a full professor at Carnegie Mellon University. Sadly, there does not seem to be a secret handshake.

Jun 20, 2018
I helped moderate a panel on Capitol Hill about AI for Good. (Youtube video)

Mar 1, 2018
Wombat Security, which I co-founded in 2008, was acquired by Proofpoint for $225m!

Sep 1, 2017
I wrote a roadmap for privacy research entitled The Privacy Landscape for Pervasive and Ubiquitous Computing.

Sep 1, 2017
Our paper on the PrivacyStreams programming model is available. PrivacyStreams makes it easier for Android developers to get the data they want, while also improving privacy. The programming model uses a functional stream processing approach (a bit like Unix pipes). For example, a developer can get audio, transform it to loudness, and then get it via a callback. We can then analyze the code and let end-users know that this app "uses microphone for loudness". (PrivacyStreams GitHub site)

May 29, 2017
I was recently honored with Alumni of the Year from my old high school, South Carolina Governor's School for Science and Math. Here is a link to my speech at the commencement.

May 16, 2017
The HCII and the Tepper School of Business are offering a new Master's Degree of Product Management. I'm helping to run the HCII side.

Nov 9, 2016
Gave a talk at Intel iSecCon on Privacy and Security for the Emerging Internet of Things.

Jun 7, 2016
White paper with New America entitled Toward a Safe and Secure Internet of Things.

Feb 20, 2016
Keynote talk at ICISSP 2016 entitled Privacy, Ethics, and Big (Smartphone) Data.

Sep 9, 2015
Presented some of our team's work on using smartphones for healthcare at the World Economic Forum at Dalian.

Aug 13, 2015
Our CCS 2014 paper Increasing Security Sensitivity with Social Proof: A Large-Scale Experimental Confirmation won Honorable Mention at NSA's Best Scientific Cybersecurity Paper Competition.

Aug 12, 2015
My article about the human element of cybersecurity was published on Slate.

Jun 30, 2015
Gave a talk at HCIC 2015 on Social Cybersecurity, but the talk was really about the relationship of Theory with Technical HCI. Here is the workshop paper and slides.

Jun 17, 2015
I'm honored to now be a New America National Cybersecurity Fellow.

Apr 5, 2015
White paper for the NITRD National Research Strategy on Privacy, entitled Research Issues for Privacy in a Ubiquitously Connected World.

Dec 26, 2014
PrivacyGrade.org presents our privacy analysis of 1 million Android apps. Our work has appeared on CNN, US News and World Report, New York Times, CNBC, IEEE Spectrum, Forbes, and more.

Dec 1, 2014
I'm very fortunate to have received the HCII Career Development fellowship. Special thanks to my colleagues and students at CMU.

Sep 17, 2014
My brother and I have created the Frances and Chou-Chu Hong graduate fellowship at the Veterinary and Animal Sciences Department at the University of Massachusetts.

Jun 16, 2014
Gave keynote talk at Mobile Cloud Computing and Services Workshop (Mobisys 2014) on Privacy, Ethics, and Big (Smartphone) Data.

Mar 10, 2014
One hour crash course in UX design (see slides)

Oct 25, 2013
Gave a talk at PopTech 2013 on sensing and privacy. See slides and video here.

Apr 9, 2012
Livehoods.org re-imagines how cities work in the age of social media. Livehoods has been featured in The Atlantic Cities, Wired Insider, MIT Technology Review, Fast Company Co.Design, New York Post, Wall Street Journal, and Haaretz.

Current Research
Google Scholar | CMU CHIMPS Research group website | CV | All publications

Phenom: Enabling an Ecosystem of Personal Behavioral Data
How can we make better use of all of the wealth of personal behavioral data (smartphones, web usage, social networking) to develop a better computational model of people, places, activities, and things?

Giotto: An Open Infrastructure for the Internet of Things
The goal of this project is to build out an open infrastructure for the Internet of Things, in a manner that is adaptive, privacy-sensitive, and easy for developers.

UniAuth: Streamlining Authentication for Ubiquitous Computing
What kinds of protocols, APIs, and user interfaces are needed for our smartphones to manage all of our authentication needs, both for the web and Internet of Things?

PrivacyGrade: Analyzing Smartphone App Privacy
How can we analyze the privacy of millions of smartphone apps in a manner that is scalable and understandable to everyday users?

Social Cybersecurity
How do people talk about cybersecurity? How can we apply techniques from social psychology to improve people's awareness, knowledge, and motivation to be secure?

The CHIMPS Research Team
Our research group is CHIMPS (Computer Human Interaction: Mobility Privacy Security). We have an amazingly talented group of PhD students and post-docs:
  • Fanglin Chen, working on intelligent agents for messaging
  • Siyan Zhao, working on smartphones and well-being
  • Haojian Jin, working on AI/Ethics
  • Tianshi Li, working on smartphone privacy
  • Cori Faklaris (with Laura Dabbish), working on social cybersecurity
Some alums of the CHIMPS group:
  • Karen Tang
  • Janne Lindqvist, now an Assoc Prof at Rutgers
  • Polo Chau (with Christos Faloutsos and Niki Kittur), now an assoc prof at Georgia Tech
  • Guang Xiang (with Carolyn Rose), now doing a startup in China
  • Jialiu Lin (with Norman Sadeh), now a privacy engineer at Google
  • Shah Amini, now at Facebook (previously Appthority and Google)
  • Jun Ki Min, now at Motorola
  • Mike Villena, now at Appthority
  • Afsaneh Doryab, now a System Scientist at CMU
  • Song Luan, now at YouTube (previously Uber)
  • Jason Wiese (with John Zimmerman), now an Asst Prof at University of Utah
  • Eiji Hayashi, now at Google ATAP
  • Sauvik Das, now an Asst Prof at Georgia Tech
  • Dan Tasse, now a data scientist at StitchFix
Some of My Writings and Other Stuff I Helped Create
Running Program Committees My Cybersecurity Advice (for general audiences) Research Tools, Software, and Web Sites Instructor Guides and Reading Seminars Advice for PhD students and Grad School Applicants Odds and Ends The Design of Sites
I co-authored a book on web site design, which uses the notion of web design patterns as a way for facilitating the design of customer-centered web sites. Check out the web site for our book The Design of Sites. Our book has been translated into Polish, Chinese, Korean (and possibly other languages as well).
Current Service Some Past Service